d-cent t1_j41ejqo wrote
Not a single sentence on the cyber attack. Was it a ransomware? Was it just a burn attack? Was it sophisticated?
EpictetussutetcipE t1_j423t30 wrote
I always assume ransomware when they refuse to provide details and it's an extended "outage". Likely attempting to use FBI sources keys to decrypt the data and exhaust all other options before they finally state the scope of the problem.
Not how anyone should handle the incident... but that's how they chose to I guess?
OneHelluvaUsername t1_j46lv3i wrote
Paralegal for a real estate law firm here.
Per my local Town Clerk, it was a Christmas Day hack. No ransomware detected, per the host sites (Cott Systems/Record Hub) Forensic audits are being run, according to title insurance companies.
If the hackers were looking for SSNs, they won't find them there. But it's not a bad place to start for stealing someone's identity.
There's been a lot of spoofing of attorney emails to facilitate wire fraud (successfully in one instance where I work). Why the client (who works in e-commerce) didn't think it odd to wire $47k to a florist in Indiana is beyond me ¯_(ツ)_/¯. But our company had to do a full forensic audit (and that took time). The FBI was involved.
I'm assuming the FBI will be involved in this much bigger hack, too.
Other towns affected:
- Pownal
- Arlington
- Shaftsbury
- Manchester
- Dorset
- Pawlet
cpujockey t1_j4g3oar wrote
People do not take cybersecurity seriously. Social engineering is a real thing. People really need to educate themselves or prepare for unemployment or worse - a stolen identity.
OneHelluvaUsername t1_j4gxasl wrote
Couldn't agree more.
My very first job was working as a sales associate at the Gymboree flagship store in NYC.
Corporate (in CA) left alllllll employees' information unencrypted on computers that were stolen one night.
I made minimum wage; had to pay out of pocket for identity monitoring services for corporate's idiocy.
cpujockey t1_j4gxek7 wrote
Wtf.
OneHelluvaUsername t1_j4gze78 wrote
Yup.
Between that and having to show up at 7am for a "loss prevention course" (see: if you take of the plastic shopping bags for your spare set of shoes, that counted as "theft"), I was not sad to see the company go under.
cpujockey t1_j4gzgnj wrote
Fuck that noise!
OneHelluvaUsername t1_j4h1t4p wrote
Yup. Store manager (who was actually a great person) decided to leave shortly after that and the rest of us jumped ship with her.
sickter6 OP t1_j4kx4ic wrote
When and how do you think the clerks will be able to prove nothing is missing from the records? If you do a ‘full search’ in one of these towns now, how can you be sure it is a ‘full search’ since now you know someone has been in there playing around with the records!? How do we know the hackers didn’t delete any and all irs liens for example. This is my concern…
OneHelluvaUsername t1_j4l9n7s wrote
Well, it's been my experience that town clerks have a sixth sense about these things (docs missing from their records), but I'd say the actual burden of proof on that falls to the forensic auditors.
VT digitizing records is relatively new compared to some other states. I believe they got funding from the CARES Act to do so.
Go to the card catolog indexes. They're sorted alphabetically by grantor/grantee name. Depending on the town, they'll be current (except for any docs received/submitted for recording 12/25/22 or later).
Express-Day1376 t1_j5304sl wrote
400 different government systems nationwide got taken out. The entire civil court system in Northumberland County Pennsylvania,. Deed recorders in North Carolina, Louisiana and apparently many other places.
OneHelluvaUsername t1_j53l4b1 wrote
Well, shit..I had no idea. And will be sharing that at work tomorrow.
The Vermont land records remain offline. Nearing in on a month now.
It's beginning to look a lot like Christmas ransomware.
Viewing a single comment thread. View all comments